Описание
Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)."
Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)."
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-7191
- https://bugzilla.mozilla.org/show_bug.cgi?id=1208956
- https://security.gentoo.org/glsa/201512-10
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html
- http://www.mozilla.org/security/announce/2015/mfsa2015-125.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securitytracker.com/id/1034069
Связанные уязвимости
Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)."
Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)."
Mozilla Firefox before 42.0 on Android improperly restricts URL string ...
Уязвимость браузера Firefox, позволяющая нарушителю выполнить межсайтовое выполнение сценариев
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss, xulrunner, seamonkey